-rw-r--r-- | wiretap/CMakeLists.txt | 4 | ||||
-rw-r--r-- | wiretap/Makefile.common | 8 | ||||
-rw-r--r-- | wiretap/file_access.c | 20 | ||||
-rw-r--r-- | wiretap/peekclassic.c (renamed from wiretap/etherpeek.c) | 221 | ||||
-rw-r--r-- | wiretap/peekclassic.h (renamed from wiretap/etherpeek.h) | 8 | ||||
-rw-r--r-- | wiretap/peektagged.c (renamed from wiretap/airopeek9.c) | 184 | ||||
-rw-r--r-- | wiretap/peektagged.h (renamed from wiretap/airopeek9.h) | 9 | ||||
-rw-r--r-- | wiretap/wtap.h | 6 |
8 files changed, 236 insertions, 224 deletions
diff --git a/wiretap/CMakeLists.txt b/wiretap/CMakeLists.txt index 1d236637be..a2147a2401 100644 --- a/wiretap/CMakeLists.txt +++ b/wiretap/CMakeLists.txt @@ -25,7 +25,6 @@ set(WIRETAP_FILES 5views.c aethra.c - airopeek9.c ascendtext.c atm.c ber.c @@ -39,7 +38,6 @@ set(WIRETAP_FILES dbs-etherwatch.c dct3trace.c erf.c - etherpeek.c eyesdn.c file_access.c file_wrappers.c @@ -64,6 +62,8 @@ set(WIRETAP_FILES packetlogger.c pcap-common.c pcapng.c + peekclassic.c + peektagged.c pppdump.c radcom.c snoop.c diff --git a/wiretap/Makefile.common b/wiretap/Makefile.common index 68c992ec3f..7034190d18 100644 --- a/wiretap/Makefile.common +++ b/wiretap/Makefile.common @@ -31,7 +31,6 @@ NONGENERATED_C_FILES = \ 5views.c \ aethra.c \ - airopeek9.c \ ascendtext.c \ atm.c \ ber.c \ @@ -45,7 +44,6 @@ NONGENERATED_C_FILES = \ dbs-etherwatch.c \ dct3trace.c \ erf.c \ - etherpeek.c \ eyesdn.c \ file_access.c \ file_wrappers.c \ @@ -70,6 +68,8 @@ NONGENERATED_C_FILES = \ packetlogger.c \ pcap-common.c \ pcapng.c \ + peekclassic.c \ + peektagged.c \ pppdump.c \ radcom.c \ snoop.c \ @@ -84,7 +84,6 @@ NONGENERATED_C_FILES = \ NONGENERATED_HEADER_FILES = \ 5views.h \ aethra.h \ - airopeek9.h \ ascendtext.h \ ascend-int.h \ atm.h \ @@ -99,7 +98,6 @@ NONGENERATED_HEADER_FILES = \ dbs-etherwatch.h \ dct3trace.h \ erf.h \ - etherpeek.h \ eyesdn.h \ file_wrappers.h \ hcidump.h \ @@ -125,6 +123,8 @@ NONGENERATED_HEADER_FILES = \ pcap-common.h \ pcap-encap.h \ pcapng.h \ + peekclassic.h \ + peektagged.h \ pppdump.h \ radcom.h \ snoop.h \ diff --git a/wiretap/file_access.c b/wiretap/file_access.c index 55f2d1b296..20153c4bb2 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -44,7 +44,6 @@ #include "file_wrappers.h" #include "buffer.h" #include "lanalyzer.h" -#include "airopeek9.h" #include "ngsniffer.h" #include "radcom.h" #include "ascendtext.h" 
@@ -60,7 +59,8 @@ #include "i4btrace.h" #include "csids.h" #include "pppdump.h" -#include "etherpeek.h" +#include "peekclassic.h" +#include "peektagged.h" #include "vms.h" #include "dbs-etherwatch.h" #include "visual.h" @@ -124,7 +124,7 @@ static wtap_open_routine_t open_routines_base[] = { visual_open, _5views_open, network_instruments_open, - airopeek9_open, + peektagged_open, dbs_etherwatch_open, k12_open, catapult_dct2000_open, @@ -155,7 +155,7 @@ static wtap_open_routine_t open_routines_base[] = { erf_open, ipfix_open, k12text_open, - etherpeek_open, + peekclassic_open, pppdump_open, iseries_open, ascend_open, @@ -643,16 +643,16 @@ static const struct file_type_info dump_open_table_base[] = { { "Visual Networks traffic capture", "visual", NULL, NULL, TRUE, FALSE, visual_dump_can_write_encap, visual_dump_open }, - /* WTAP_FILE_ETHERPEEK_V56 */ - { "WildPackets Ether/TokenPeek (V5 & V6)", "peek56", "pkt", "tpc;apc;wpz", FALSE, FALSE, + /* WTAP_FILE_PEEKCLASSIC_V56 */ + { "WildPackets classic (V5 and V6)", "peekclassic56", "pkt", "tpc;apc;wpz", FALSE, FALSE, NULL, NULL }, - /* WTAP_FILE_ETHERPEEK_V7 */ - { "WildPackets Ether/Token/AiroPeek (V7)", "peek7", "pkt", "tpc;apc;wpz", FALSE, FALSE, + /* WTAP_FILE_PEEKCLASSIC_V7 */ + { "WildPackets classic (V7)", "peekclassic7", "pkt", "tpc;apc;wpz", FALSE, FALSE, NULL, NULL }, - /* WTAP_FILE_AIROPEEK_V9 */ - { "WildPackets Ether/AiroPeek (V9)", "peek9", "pkt", "tpc;apc;wpz", FALSE, FALSE, + /* WTAP_FILE_PEEKTAGGED */ + { "WildPackets tagged", "peektagged", "pkt", "tpc;apc;wpz", FALSE, FALSE, NULL, NULL }, /* WTAP_FILE_MPEG */ diff --git a/wiretap/etherpeek.c b/wiretap/peekclassic.c index 419364922f..06ec4c0647 100644 --- a/wiretap/etherpeek.c +++ b/wiretap/peekclassic.c 
@@ -1,6 +1,18 @@ -/* etherpeek.c - * Routines for opening EtherPeek and AiroPeek (and TokenPeek?) V5, V6, - * and V7 files +/* peekclassic.c + * Routines for opening files in what WildPackets calls the classic file + * format in the description of their "PeekRdr Sample Application" (C++ + * source code to read their capture files, downloading of which requires + * a maintenance contract, so it's not free as in beer and probably not + * as in speech, either). + * + * As that description says, it's used by AiroPeek and AiroPeek NX prior + * to 2.0, EtherPeek prior to 6.0, and EtherPeek NX prior to 3.0. It + * was probably also used by TokenPeek. + * + * This handles versions 5, 6, and 7 of that format (the format version + * number is what appears in the file, and is distinct from the application + * version number). + * * Copyright (c) 2001, Daniel Thompson <d.thompson@gmx.net> * * $Id$ @@ -31,28 +43,22 @@ #include "wtap-int.h" #include "file_wrappers.h" #include "buffer.h" -#include "etherpeek.h" +#include "peekclassic.h" /* CREDITS * * This file decoder could not have been writen without examining how * tcptrace (http://www.tcptrace.org/) handles EtherPeek files. */ -/* - * NOTE: it says "etherpeek" because the first files seen that use this - * format were EtherPeek files; however, AiroPeek files using it have - * also been seen, and I suspect TokenPeek uses it as well. - */ - /* master header */ -typedef struct etherpeek_master_header { +typedef struct peekclassic_master_header { guint8 version; guint8 status; -} etherpeek_master_header_t; -#define ETHERPEEK_MASTER_HDR_SIZE 2 +} peekclassic_master_header_t; +#define PEEKCLASSIC_MASTER_HDR_SIZE 2 /* secondary header (V5,V6,V7) */ -typedef struct etherpeek_v567_header { +typedef struct peekclassic_v567_header { guint32 filelength; guint32 numPackets; guint32 timeDate; 
@@ -63,16 +69,16 @@ typedef struct etherpeek_v567_header { guint32 appVers; /* App Version Number Maj.Min.Bug.Build */ guint32 linkSpeed; /* Link Speed Bits/sec */ guint32 reserved[3]; -} etherpeek_v567_header_t; -#define ETHERPEEK_V567_HDR_SIZE 48 +} peekclassic_v567_header_t; +#define PEEKCLASSIC_V567_HDR_SIZE 48 /* full header */ -typedef struct etherpeek_header { - etherpeek_master_header_t master; +typedef struct peekclassic_header { + peekclassic_master_header_t master; union { - etherpeek_v567_header_t v567; + peekclassic_v567_header_t v567; } secondary; -} etherpeek_header_t; +} peekclassic_header_t; /* * Packet header (V5, V6). @@ -88,23 +94,23 @@ typedef struct etherpeek_header { * * So, instead, we #define numbers as the offsets of the fields. */ -#define ETHERPEEK_V56_LENGTH_OFFSET 0 -#define ETHERPEEK_V56_SLICE_LENGTH_OFFSET 2 -#define ETHERPEEK_V56_FLAGS_OFFSET 4 -#define ETHERPEEK_V56_STATUS_OFFSET 5 -#define ETHERPEEK_V56_TIMESTAMP_OFFSET 6 -#define ETHERPEEK_V56_DESTNUM_OFFSET 10 -#define ETHERPEEK_V56_SRCNUM_OFFSET 12 -#define ETHERPEEK_V56_PROTONUM_OFFSET 14 -#define ETHERPEEK_V56_PROTOSTR_OFFSET 16 -#define ETHERPEEK_V56_FILTERNUM_OFFSET 24 -#define ETHERPEEK_V56_PKT_SIZE 26 +#define PEEKCLASSIC_V56_LENGTH_OFFSET 0 +#define PEEKCLASSIC_V56_SLICE_LENGTH_OFFSET 2 +#define PEEKCLASSIC_V56_FLAGS_OFFSET 4 +#define PEEKCLASSIC_V56_STATUS_OFFSET 5 +#define PEEKCLASSIC_V56_TIMESTAMP_OFFSET 6 +#define PEEKCLASSIC_V56_DESTNUM_OFFSET 10 +#define PEEKCLASSIC_V56_SRCNUM_OFFSET 12 +#define PEEKCLASSIC_V56_PROTONUM_OFFSET 14 +#define PEEKCLASSIC_V56_PROTOSTR_OFFSET 16 +#define PEEKCLASSIC_V56_FILTERNUM_OFFSET 24 +#define PEEKCLASSIC_V56_PKT_SIZE 26 /* 64-bit time in micro seconds from the (Mac) epoch */ -typedef struct etherpeek_utime { +typedef struct peekclassic_utime { guint32 upper; guint32 lower; -} etherpeek_utime; +} peekclassic_utime; /* * Packet header (V7). 
@@ -112,49 +118,50 @@ typedef struct etherpeek_utime { * This doesn't have the same alignment problem, but we do it with * #defines anyway. */ -#define ETHERPEEK_V7_PROTONUM_OFFSET 0 -#define ETHERPEEK_V7_LENGTH_OFFSET 2 -#define ETHERPEEK_V7_SLICE_LENGTH_OFFSET 4 -#define ETHERPEEK_V7_FLAGS_OFFSET 6 -#define ETHERPEEK_V7_STATUS_OFFSET 7 -#define ETHERPEEK_V7_TIMESTAMP_OFFSET 8 -#define ETHERPEEK_V7_PKT_SIZE 16 - -typedef struct etherpeek_encap_lookup { +#define PEEKCLASSIC_V7_PROTONUM_OFFSET 0 +#define PEEKCLASSIC_V7_LENGTH_OFFSET 2 +#define PEEKCLASSIC_V7_SLICE_LENGTH_OFFSET 4 +#define PEEKCLASSIC_V7_FLAGS_OFFSET 6 +#define PEEKCLASSIC_V7_STATUS_OFFSET 7 +#define PEEKCLASSIC_V7_TIMESTAMP_OFFSET 8 +#define PEEKCLASSIC_V7_PKT_SIZE 16 + +typedef struct peekclassic_encap_lookup { guint16 protoNum; int encap; -} etherpeek_encap_lookup_t; +} peekclassic_encap_lookup_t; static const unsigned int mac2unix = 2082844800u; -static const etherpeek_encap_lookup_t etherpeek_encap[] = { +static const peekclassic_encap_lookup_t peekclassic_encap[] = { { 1400, WTAP_ENCAP_ETHERNET } }; -#define NUM_ETHERPEEK_ENCAPS \ - (sizeof (etherpeek_encap) / sizeof (etherpeek_encap[0])) +#define NUM_PEEKCLASSIC_ENCAPS \ + (sizeof (peekclassic_encap) / sizeof (peekclassic_encap[0])) typedef struct { struct timeval reference_time; -} etherpeek_t; +} peekclassic_t; -static gboolean etherpeek_read_v7(wtap *wth, int *err, gchar **err_info, +static gboolean peekclassic_read_v7(wtap *wth, int *err, gchar **err_info, gint64 *data_offset); -static gboolean etherpeek_seek_read_v7(wtap *wth, gint64 seek_off, +static gboolean peekclassic_seek_read_v7(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int length, int *err, gchar **err_info); -static gboolean etherpeek_read_v56(wtap *wth, int *err, gchar **err_info, +static gboolean peekclassic_read_v56(wtap *wth, int *err, gchar **err_info, gint64 *data_offset); -static gboolean etherpeek_seek_read_v56(wtap *wth, gint64 
seek_off, +static gboolean peekclassic_seek_read_v56(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int length, int *err, gchar **err_info); -int etherpeek_open(wtap *wth, int *err, gchar **err_info) +int +peekclassic_open(wtap *wth, int *err, gchar **err_info) { - etherpeek_header_t ep_hdr; + peekclassic_header_t ep_hdr; struct timeval reference_time; int file_encap; - etherpeek_t *etherpeek; + peekclassic_t *peekclassic; - /* EtherPeek files do not start with a magic value large enough + /* Peek classic files do not start with a magic value large enough * to be unique; hence we use the following algorithm to determine * the type of an unknown file: * - populate the master header and reject file if there is no match @@ -162,7 +169,7 @@ int etherpeek_open(wtap *wth, int *err, gchar **err_info) * is zero, and check some other fields; this isn't perfect, * and we may have to add more checks at some point. */ - g_assert(sizeof(ep_hdr.master) == ETHERPEEK_MASTER_HDR_SIZE); + g_assert(sizeof(ep_hdr.master) == PEEKCLASSIC_MASTER_HDR_SIZE); wtap_file_read_unknown_bytes( &ep_hdr.master, sizeof(ep_hdr.master), wth->fh, err, err_info); @@ -188,7 +195,7 @@ int etherpeek_open(wtap *wth, int *err, gchar **err_info) case 7: /* get the secondary header */ g_assert(sizeof(ep_hdr.secondary.v567) == - ETHERPEEK_V567_HDR_SIZE); + PEEKCLASSIC_V567_HDR_SIZE); wtap_file_read_unknown_bytes( &ep_hdr.secondary.v567, sizeof(ep_hdr.secondary.v567), wth->fh, err, err_info); 
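Review bot: The `g_assert(sizeof(ep_hdr.master) == PEEKCLASSIC_MASTER_HDR_SIZE)` in peekclassic_open, and the matching check on `ep_hdr.secondary.v567` in the next hunk, test a compile-time property at run time while the file's bytes are read straight into those structs. If the GLib version the build targets provides it, a file-scope `G_STATIC_ASSERT(sizeof(peekclassic_master_header_t) == PEEKCLASSIC_MASTER_HDR_SIZE);` would catch a padded layout at build time and would not vanish when assertions are compiled out. The body of peekclassic_open starts and ends outside these hunks.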
@@ -202,11 +209,11 @@ int etherpeek_open(wtap *wth, int *err, gchar **err_info) /* * Check the mediaType and physMedium fields. - * We assume it's not an EtherPeek/TokenPeek/AiroPeek - * file if these aren't values we know, rather than - * reporting them as invalid *Peek files, as, given - * the lack of a magic number, we need all the checks - * we can get. + * We assume it's not a Peek classic file if + * these aren't values we know, rather than + * reporting them as invalid Peek classic files, + * as, given the lack of a magic number, we need + * all the checks we can get. */ ep_hdr.secondary.v567.mediaType = g_ntohl(ep_hdr.secondary.v567.mediaType); 
@@ -302,33 +309,33 @@ int etherpeek_open(wtap *wth, int *err, gchar **err_info) } /* - * This is an EtherPeek (or TokenPeek or AiroPeek?) file. + * This is a Peek classic file. * * At this point we have recognised the file type and have populated * the whole ep_hdr structure in host byte order. */ - etherpeek = (etherpeek_t *)g_malloc(sizeof(etherpeek_t)); - wth->priv = (void *)etherpeek; - etherpeek->reference_time = reference_time; + peekclassic = (peekclassic_t *)g_malloc(sizeof(peekclassic_t)); + wth->priv = (void *)peekclassic; + peekclassic->reference_time = reference_time; switch (ep_hdr.master.version) { case 5: case 6: - wth->file_type = WTAP_FILE_ETHERPEEK_V56; + wth->file_type = WTAP_FILE_PEEKCLASSIC_V56; /* * XXX - can we get the file encapsulation from the * header in the same way we do for V7 files? */ wth->file_encap = WTAP_ENCAP_PER_PACKET; - wth->subtype_read = etherpeek_read_v56; - wth->subtype_seek_read = etherpeek_seek_read_v56; + wth->subtype_read = peekclassic_read_v56; + wth->subtype_seek_read = peekclassic_seek_read_v56; break; case 7: - wth->file_type = WTAP_FILE_ETHERPEEK_V7; + wth->file_type = WTAP_FILE_PEEKCLASSIC_V7; wth->file_encap = file_encap; - wth->subtype_read = etherpeek_read_v7; - wth->subtype_seek_read = etherpeek_seek_read_v7; + wth->subtype_read = peekclassic_read_v7; + wth->subtype_seek_read = peekclassic_seek_read_v7; break; default: @@ -342,10 +349,10 @@ int etherpeek_open(wtap *wth, int *err, gchar **err_info) return 1; } -static gboolean etherpeek_read_v7(wtap *wth, int *err, gchar **err_info, - gint64 *data_offset) +static gboolean +peekclassic_read_v7(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) { - guint8 ep_pkt[ETHERPEEK_V7_PKT_SIZE]; + guint8 ep_pkt[PEEKCLASSIC_V7_PKT_SIZE]; #if 0 guint16 protoNum; #endif 
@@ -366,15 +373,15 @@ static gboolean etherpeek_read_v7(wtap *wth, int *err, gchar **err_info, /* Extract the fields from the packet */ #if 0 - protoNum = pntohs(&ep_pkt[ETHERPEEK_V7_PROTONUM_OFFSET]); + protoNum = pntohs(&ep_pkt[PEEKCLASSIC_V7_PROTONUM_OFFSET]); #endif - length = pntohs(&ep_pkt[ETHERPEEK_V7_LENGTH_OFFSET]); - sliceLength = pntohs(&ep_pkt[ETHERPEEK_V7_SLICE_LENGTH_OFFSET]); + length = pntohs(&ep_pkt[PEEKCLASSIC_V7_LENGTH_OFFSET]); + sliceLength = pntohs(&ep_pkt[PEEKCLASSIC_V7_SLICE_LENGTH_OFFSET]); #if 0 - flags = ep_pkt[ETHERPEEK_V7_FLAGS_OFFSET]; + flags = ep_pkt[PEEKCLASSIC_V7_FLAGS_OFFSET]; #endif - status = ep_pkt[ETHERPEEK_V7_STATUS_OFFSET]; - timestamp = pntohll(&ep_pkt[ETHERPEEK_V7_TIMESTAMP_OFFSET]); + status = ep_pkt[PEEKCLASSIC_V7_STATUS_OFFSET]; + timestamp = pntohll(&ep_pkt[PEEKCLASSIC_V7_TIMESTAMP_OFFSET]); /* force sliceLength to be the actual length of the packet */ if (0 == sliceLength) { @@ -433,11 +440,11 @@ static gboolean etherpeek_read_v7(wtap *wth, int *err, gchar **err_info, } static gboolean -etherpeek_seek_read_v7(wtap *wth, gint64 seek_off, +peekclassic_seek_read_v7(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int length, int *err, gchar **err_info) { - guint8 ep_pkt[ETHERPEEK_V7_PKT_SIZE]; + guint8 ep_pkt[PEEKCLASSIC_V7_PKT_SIZE]; guint8 status; if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) @@ -446,7 +453,7 @@ etherpeek_seek_read_v7(wtap *wth, gint64 seek_off, /* Read the packet header. */ wtap_file_read_expected_bytes(ep_pkt, sizeof(ep_pkt), wth->random_fh, err, err_info); - status = ep_pkt[ETHERPEEK_V7_STATUS_OFFSET]; + status = ep_pkt[PEEKCLASSIC_V7_STATUS_OFFSET]; switch (wth->file_encap) { 
@@ -471,11 +478,11 @@ etherpeek_seek_read_v7(wtap *wth, gint64 seek_off, return TRUE; } -static gboolean etherpeek_read_v56(wtap *wth, int *err, gchar **err_info, - gint64 *data_offset) +static gboolean +peekclassic_read_v56(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) { - etherpeek_t *etherpeek = (etherpeek_t *)wth->priv; - guint8 ep_pkt[ETHERPEEK_V56_PKT_SIZE]; + peekclassic_t *peekclassic = (peekclassic_t *)wth->priv; + guint8 ep_pkt[PEEKCLASSIC_V56_PKT_SIZE]; guint16 length; guint16 sliceLength; #if 0 @@ -507,19 +514,19 @@ static gboolean etherpeek_read_v56(wtap *wth, int *err, gchar **err_info, err_info); /* Extract the fields from the packet */ - length = pntohs(&ep_pkt[ETHERPEEK_V56_LENGTH_OFFSET]); - sliceLength = pntohs(&ep_pkt[ETHERPEEK_V56_SLICE_LENGTH_OFFSET]); + length = pntohs(&ep_pkt[PEEKCLASSIC_V56_LENGTH_OFFSET]); + sliceLength = pntohs(&ep_pkt[PEEKCLASSIC_V56_SLICE_LENGTH_OFFSET]); #if 0 - flags = ep_pkt[ETHERPEEK_V56_FLAGS_OFFSET]; - status = ep_pkt[ETHERPEEK_V56_STATUS_OFFSET]; + flags = ep_pkt[PEEKCLASSIC_V56_FLAGS_OFFSET]; + status = ep_pkt[PEEKCLASSIC_V56_STATUS_OFFSET]; #endif - timestamp = pntohl(&ep_pkt[ETHERPEEK_V56_TIMESTAMP_OFFSET]); + timestamp = pntohl(&ep_pkt[PEEKCLASSIC_V56_TIMESTAMP_OFFSET]); #if 0 - destNum = pntohs(&ep_pkt[ETHERPEEK_V56_DESTNUM_OFFSET]); - srcNum = pntohs(&ep_pkt[ETHERPEEK_V56_SRCNUM_OFFSET]); + destNum = pntohs(&ep_pkt[PEEKCLASSIC_V56_DESTNUM_OFFSET]); + srcNum = pntohs(&ep_pkt[PEEKCLASSIC_V56_SRCNUM_OFFSET]); #endif - protoNum = pntohs(&ep_pkt[ETHERPEEK_V56_PROTONUM_OFFSET]); - memcpy(protoStr, &ep_pkt[ETHERPEEK_V56_PROTOSTR_OFFSET], + protoNum = pntohs(&ep_pkt[PEEKCLASSIC_V56_PROTONUM_OFFSET]); + memcpy(protoStr, &ep_pkt[PEEKCLASSIC_V56_PROTOSTR_OFFSET], sizeof protoStr); /* 
@@ -541,14 +548,14 @@ static gboolean etherpeek_read_v56(wtap *wth, int *err, gchar **err_info, wth->phdr.len = length; wth->phdr.caplen = sliceLength; /* timestamp is in milliseconds since reference_time */ - wth->phdr.ts.secs = etherpeek->reference_time.tv_sec + wth->phdr.ts.secs = peekclassic->reference_time.tv_sec + (timestamp / 1000); wth->phdr.ts.nsecs = 1000 * (timestamp % 1000) * 1000; wth->phdr.pkt_encap = WTAP_ENCAP_UNKNOWN; - for (i=0; i<NUM_ETHERPEEK_ENCAPS; i++) { - if (etherpeek_encap[i].protoNum == protoNum) { - wth->phdr.pkt_encap = etherpeek_encap[i].encap; + for (i=0; i<NUM_PEEKCLASSIC_ENCAPS; i++) { + if (peekclassic_encap[i].protoNum == protoNum) { + wth->phdr.pkt_encap = peekclassic_encap[i].encap; } } @@ -563,11 +570,11 @@ static gboolean etherpeek_read_v56(wtap *wth, int *err, gchar **err_info, } static gboolean -etherpeek_seek_read_v56(wtap *wth, gint64 seek_off, +peekclassic_seek_read_v56(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int length, int *err, gchar **err_info) { - guint8 ep_pkt[ETHERPEEK_V56_PKT_SIZE]; + guint8 ep_pkt[PEEKCLASSIC_V56_PKT_SIZE]; int pkt_encap; guint16 protoNum; unsigned int i; @@ -578,11 +585,11 @@ etherpeek_seek_read_v56(wtap *wth, gint64 seek_off, wtap_file_read_expected_bytes(ep_pkt, sizeof(ep_pkt), wth->random_fh, err, err_info); - protoNum = pntohs(&ep_pkt[ETHERPEEK_V56_PROTONUM_OFFSET]); + protoNum = pntohs(&ep_pkt[PEEKCLASSIC_V56_PROTONUM_OFFSET]); pkt_encap = WTAP_ENCAP_UNKNOWN; - for (i=0; i<NUM_ETHERPEEK_ENCAPS; i++) { - if (etherpeek_encap[i].protoNum == protoNum) { - pkt_encap = etherpeek_encap[i].encap; + for (i=0; i<NUM_PEEKCLASSIC_ENCAPS; i++) { + if (peekclassic_encap[i].protoNum == protoNum) { + pkt_encap = peekclassic_encap[i].encap; } } diff --git a/wiretap/etherpeek.h b/wiretap/peekclassic.h index 8e22ad9749..99c902ee45 100644 --- a/wiretap/etherpeek.h +++ b/wiretap/peekclassic.h @@ -1,4 +1,4 @@ -/* etherpeek.h +/* peekclassic.h * * $Id$ * 
@@ -21,12 +21,12 @@ * */ -#ifndef __W_ETHERPEEK_H__ -#define __W_ETHERPEEK_H__ +#ifndef __W_PEEKCLASSIC_H__ +#define __W_PEEKCLASSIC_H__ #include <glib.h> #include <wtap.h> -int etherpeek_open(wtap *wth, int *err, gchar **err_info); +int peekclassic_open(wtap *wth, int *err, gchar **err_info); #endif diff --git a/wiretap/airopeek9.c b/wiretap/peektagged.c index 3d44a32a0f..4ed6b84d64 100644 --- a/wiretap/airopeek9.c +++ b/wiretap/peektagged.c @@ -1,5 +1,16 @@ -/* airopeek9.c - * Routines for opening EtherPeek and AiroPeek V9 files +/* peektagged.c + * Routines for opening files in what WildPackets calls the tagged file + * format in the description of their "PeekRdr Sample Application" (C++ + * source code to read their capture files, downloading of which requires + * a maintenance contract, so it's not free as in beer and probably not + * as in speech, either). + * + * As that description says, it's used by AiroPeek and AiroPeek NX 2.0 + * and later, EtherPeek 6.0 and later, EtherPeek NX 3.0 and later, + * EtherPeek VX 1.0 and later, GigaPeek NX 1.0 and later, Omni3 1.0 + * and later (both OmniPeek and the Remote Engine), and WANPeek NX + * 1.0 and later. They also say it'll be used by future WildPackets + * products. * * $Id$ * 
@@ -30,27 +41,22 @@ #include "wtap-int.h" #include "file_wrappers.h" #include "buffer.h" -#include "airopeek9.h" +#include "peektagged.h" /* CREDITS * * This file decoder could not have been writen without examining - * http://www.varsanofiev.com/inside/airopeekv9.htm, the help from - * Martin Regner and Guy Harris, and the etherpeek.c file. - */ - -/* - * NOTE: it says "airopeek" because the first files seen that use this - * format were AiroPeek files; however, EtherPeek files using it have - * also been seen. + * http://www.varsanofiev.com/inside/peektagged.htm, the help from + * Martin Regner and Guy Harris, and the etherpeek.c file (as it + * was called before renaming it to peekclassic.c). */ /* section header */ -typedef struct airopeek_section_header { +typedef struct peektagged_section_header { gint8 section_id[4]; guint32 section_len; guint32 section_const; -} airopeek_section_header_t; +} peektagged_section_header_t; /* * Network subtype values. 
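Review bot: The CREDITS comment now cites `http://www.varsanofiev.com/inside/peektagged.htm`, which looks like a side effect of the mechanical airopeekv9 → peektagged rename rather than an intended edit. The external page's name would not change with this commit, so the reference should presumably keep the original `http://www.varsanofiev.com/inside/airopeekv9.htm`.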
@@ -59,38 +65,38 @@ typedef struct airopeek_section_header { * network adapter types, with some adapters supplying the FCS and others * not supplying the FCS? */ -#define AIROPEEK_V9_NST_ETHERNET 0 -#define AIROPEEK_V9_NST_802_11 1 /* 802.11 with 0's at the end */ -#define AIROPEEK_V9_NST_802_11_2 2 /* 802.11 with 0's at the end */ -#define AIROPEEK_V9_NST_802_11_WITH_FCS 3 /* 802.11 with FCS at the end */ +#define PEEKTAGGED_NST_ETHERNET 0 +#define PEEKTAGGED_NST_802_11 1 /* 802.11 with 0's at the end */ +#define PEEKTAGGED_NST_802_11_2 2 /* 802.11 with 0's at the end */ +#define PEEKTAGGED_NST_802_11_WITH_FCS 3 /* 802.11 with FCS at the end */ /* tags for fields in packet header */ -#define TAG_AIROPEEK_V9_LENGTH 0x0000 -#define TAG_AIROPEEK_V9_TIMESTAMP_LOWER 0x0001 -#define TAG_AIROPEEK_V9_TIMESTAMP_UPPER 0x0002 -#define TAG_AIROPEEK_V9_FLAGS_AND_STATUS 0x0003 -#define TAG_AIROPEEK_V9_CHANNEL 0x0004 -#define TAG_AIROPEEK_V9_RATE 0x0005 -#define TAG_AIROPEEK_V9_SIGNAL_PERC 0x0006 -#define TAG_AIROPEEK_V9_SIGNAL_DBM 0x0007 -#define TAG_AIROPEEK_V9_NOISE_PERC 0x0008 -#define TAG_AIROPEEK_V9_NOISE_DBM 0x0009 -#define TAG_AIROPEEK_V9_UNKNOWN_0x000D 0x000D -#define TAG_AIROPEEK_V9_SLICE_LENGTH 0xffff +#define TAG_PEEKTAGGED_LENGTH 0x0000 +#define TAG_PEEKTAGGED_TIMESTAMP_LOWER 0x0001 +#define TAG_PEEKTAGGED_TIMESTAMP_UPPER 0x0002 +#define TAG_PEEKTAGGED_FLAGS_AND_STATUS 0x0003 +#define TAG_PEEKTAGGED_CHANNEL 0x0004 +#define TAG_PEEKTAGGED_RATE 0x0005 +#define TAG_PEEKTAGGED_SIGNAL_PERC 0x0006 +#define TAG_PEEKTAGGED_SIGNAL_DBM 0x0007 +#define TAG_PEEKTAGGED_NOISE_PERC 0x0008 +#define TAG_PEEKTAGGED_NOISE_DBM 0x0009 +#define TAG_PEEKTAGGED_UNKNOWN_0x000D 0x000D +#define TAG_PEEKTAGGED_SLICE_LENGTH 0xffff /* 64-bit time in nanoseconds from the (Windows FILETIME) epoch */ -typedef struct airopeek_utime { +typedef struct peektagged_utime { guint32 upper; guint32 lower; -} airopeek_utime; +} peektagged_utime; typedef struct { gboolean has_fcs; -} airopeek9_t; +} 
peektagged_t; -static gboolean airopeekv9_read(wtap *wth, int *err, gchar **err_info, +static gboolean peektagged_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset); -static gboolean airopeekv9_seek_read(wtap *wth, gint64 seek_off, +static gboolean peektagged_seek_read(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int length, int *err, gchar **err_info); @@ -180,22 +186,22 @@ static int wtap_file_read_number (wtap *wth, guint32 *num, int *err, } -int airopeek9_open(wtap *wth, int *err, gchar **err_info) +int peektagged_open(wtap *wth, int *err, gchar **err_info) { - airopeek_section_header_t ap_hdr; + peektagged_section_header_t ap_hdr; int ret; guint32 fileVersion; guint32 mediaType; guint32 mediaSubType = 0; int file_encap; - static const int airopeek9_encap[] = { + static const int peektagged_encap[] = { WTAP_ENCAP_ETHERNET, WTAP_ENCAP_IEEE_802_11_WITH_RADIO, WTAP_ENCAP_IEEE_802_11_WITH_RADIO, WTAP_ENCAP_IEEE_802_11_WITH_RADIO }; - #define NUM_AIROPEEK9_ENCAPS (sizeof airopeek9_encap / sizeof airopeek9_encap[0]) - airopeek9_t *airopeek9; + #define NUM_PEEKTAGGED_ENCAPS (sizeof peektagged_encap / sizeof peektagged_encap[0]) + peektagged_t *peektagged; wtap_file_read_unknown_bytes(&ap_hdr, sizeof(ap_hdr), wth->fh, err, err_info); @@ -228,7 +234,7 @@ int airopeek9_open(wtap *wth, int *err, gchar **err_info) if (fileVersion != 9) { /* We only support version 9. */ *err = WTAP_ERR_UNSUPPORTED; - *err_info = g_strdup_printf("airopeekv9: version %u unsupported", + *err_info = g_strdup_printf("peektagged: version %u unsupported", fileVersion); return -1; } @@ -248,7 +254,7 @@ int airopeek9_open(wtap *wth, int *err, gchar **err_info) return -1; if (ret == 0) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: <MediaType> tag not found"); + *err_info = g_strdup("peektagged: <MediaType> tag not found"); return -1; } /* XXX - this appears to be 0 in both the EtherPeek and AiroPeek 
@@ -258,7 +264,7 @@ int airopeek9_open(wtap *wth, int *err, gchar **err_info) return -1; if (ret == 0) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: <MediaType> value not found"); + *err_info = g_strdup("peektagged: <MediaType> value not found"); return -1; } @@ -267,7 +273,7 @@ int airopeek9_open(wtap *wth, int *err, gchar **err_info) return -1; if (ret == 0) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: <MediaSubType> tag not found"); + *err_info = g_strdup("peektagged: <MediaSubType> tag not found"); return -1; } ret = wtap_file_read_number (wth, &mediaSubType, err, err_info); @@ -275,13 +281,13 @@ int airopeek9_open(wtap *wth, int *err, gchar **err_info) return -1; if (ret == 0) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: <MediaSubType> value not found"); + *err_info = g_strdup("peektagged: <MediaSubType> value not found"); return -1; } - if (mediaSubType >= NUM_AIROPEEK9_ENCAPS - || airopeek9_encap[mediaSubType] == WTAP_ENCAP_UNKNOWN) { + if (mediaSubType >= NUM_PEEKTAGGED_ENCAPS + || peektagged_encap[mediaSubType] == WTAP_ENCAP_UNKNOWN) { *err = WTAP_ERR_UNSUPPORTED_ENCAP; - *err_info = g_strdup_printf("airopeekv9: network type %u unknown or unsupported", + *err_info = g_strdup_printf("peektagged: network type %u unknown or unsupported", mediaSubType); return -1; } 
@@ -301,26 +307,26 @@ int airopeek9_open(wtap *wth, int *err, gchar **err_info) /* * This is an EtherPeek or AiroPeek V9 file. */ - file_encap = airopeek9_encap[mediaSubType]; + file_encap = peektagged_encap[mediaSubType]; - wth->file_type = WTAP_FILE_AIROPEEK_V9; + wth->file_type = WTAP_FILE_PEEKTAGGED; wth->file_encap = file_encap; - wth->subtype_read = airopeekv9_read; - wth->subtype_seek_read = airopeekv9_seek_read; + wth->subtype_read = peektagged_read; + wth->subtype_seek_read = peektagged_seek_read; wth->tsprecision = WTAP_FILE_TSPREC_NSEC; - airopeek9 = (airopeek9_t *)g_malloc(sizeof(airopeek9_t)); - wth->priv = (void *)airopeek9; + peektagged = (peektagged_t *)g_malloc(sizeof(peektagged_t)); + wth->priv = (void *)peektagged; switch (mediaSubType) { - case AIROPEEK_V9_NST_ETHERNET: - case AIROPEEK_V9_NST_802_11: - case AIROPEEK_V9_NST_802_11_2: - airopeek9->has_fcs = FALSE; + case PEEKTAGGED_NST_ETHERNET: + case PEEKTAGGED_NST_802_11: + case PEEKTAGGED_NST_802_11_2: + peektagged->has_fcs = FALSE; break; - case AIROPEEK_V9_NST_802_11_WITH_FCS: - airopeek9->has_fcs = TRUE; + case PEEKTAGGED_NST_802_11_WITH_FCS: + peektagged->has_fcs = TRUE; break; } @@ -332,7 +338,7 @@ int airopeek9_open(wtap *wth, int *err, gchar **err_info) typedef struct { guint32 length; guint32 sliceLength; - airopeek_utime timestamp; + peektagged_utime timestamp; struct ieee_802_11_phdr ieee_802_11; } hdr_info_t; @@ -346,7 +352,7 @@ typedef struct { * are present. */ static int -airopeekv9_process_header(FILE_T fh, hdr_info_t *hdr_info, int *err, +peektagged_process_header(FILE_T fh, hdr_info_t *hdr_info, int *err, gchar **err_info) { int header_len = 0; 
@@ -382,90 +388,90 @@ airopeekv9_process_header(FILE_T fh, hdr_info_t *hdr_info, int *err, tag = pletohs(&tag_value[0]); switch (tag) { - case TAG_AIROPEEK_V9_LENGTH: + case TAG_PEEKTAGGED_LENGTH: if (saw_length) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: record has two length fields"); + *err_info = g_strdup("peektagged: record has two length fields"); return 0; } hdr_info->length = pletohl(&tag_value[2]); saw_length = TRUE; break; - case TAG_AIROPEEK_V9_TIMESTAMP_LOWER: + case TAG_PEEKTAGGED_TIMESTAMP_LOWER: if (saw_timestamp_lower) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: record has two timestamp-lower fields"); + *err_info = g_strdup("peektagged: record has two timestamp-lower fields"); return 0; } hdr_info->timestamp.lower = pletohl(&tag_value[2]); saw_timestamp_lower = TRUE; break; - case TAG_AIROPEEK_V9_TIMESTAMP_UPPER: + case TAG_PEEKTAGGED_TIMESTAMP_UPPER: if (saw_timestamp_upper) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: record has two timestamp-upper fields"); + *err_info = g_strdup("peektagged: record has two timestamp-upper fields"); return 0; } hdr_info->timestamp.upper = pletohl(&tag_value[2]); saw_timestamp_upper = TRUE; break; - case TAG_AIROPEEK_V9_FLAGS_AND_STATUS: + case TAG_PEEKTAGGED_FLAGS_AND_STATUS: /* XXX - not used yet */ break; - case TAG_AIROPEEK_V9_CHANNEL: + case TAG_PEEKTAGGED_CHANNEL: hdr_info->ieee_802_11.channel = pletohl(&tag_value[2]); break; - case TAG_AIROPEEK_V9_RATE: + case TAG_PEEKTAGGED_RATE: hdr_info->ieee_802_11.data_rate = pletohl(&tag_value[2]); break; - case TAG_AIROPEEK_V9_SIGNAL_PERC: + case TAG_PEEKTAGGED_SIGNAL_PERC: hdr_info->ieee_802_11.signal_level = pletohl(&tag_value[2]); break; - case TAG_AIROPEEK_V9_SIGNAL_DBM: + case TAG_PEEKTAGGED_SIGNAL_DBM: /* XXX - not used yet */ break; - case TAG_AIROPEEK_V9_NOISE_PERC: + case TAG_PEEKTAGGED_NOISE_PERC: /* XXX - not used yet */ break; - case TAG_AIROPEEK_V9_NOISE_DBM: + case TAG_PEEKTAGGED_NOISE_DBM: /* 
XXX - not used yet */ break; - case TAG_AIROPEEK_V9_UNKNOWN_0x000D: + case TAG_PEEKTAGGED_UNKNOWN_0x000D: /* XXX - seen in an EtherPeek capture; value unknown */ break; - case TAG_AIROPEEK_V9_SLICE_LENGTH: + case TAG_PEEKTAGGED_SLICE_LENGTH: hdr_info->sliceLength = pletohl(&tag_value[2]); break; default: break; } - } while (tag != TAG_AIROPEEK_V9_SLICE_LENGTH); /* last tag */ + } while (tag != TAG_PEEKTAGGED_SLICE_LENGTH); /* last tag */ if (!saw_length) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: record has no length field"); + *err_info = g_strdup("peektagged: record has no length field"); return 0; } if (!saw_timestamp_lower) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: record has no timestamp-lower field"); + *err_info = g_strdup("peektagged: record has no timestamp-lower field"); return 0; } if (!saw_timestamp_upper) { *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup("airopeekv9: record has no timestamp-upper field"); + *err_info = g_strdup("peektagged: record has no timestamp-upper field"); return 0; } @@ -482,10 +488,10 @@ airopeekv9_process_header(FILE_T fh, hdr_info_t *hdr_info, int *err, */ #define TIME_FIXUP_CONSTANT (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)) -static gboolean airopeekv9_read(wtap *wth, int *err, gchar **err_info, +static gboolean peektagged_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) { - airopeek9_t *airopeek9 = (airopeek9_t *)wth->priv; + peektagged_t *peektagged = (peektagged_t *)wth->priv; hdr_info_t hdr_info; int hdrlen; double t; @@ -493,7 +499,7 @@ static gboolean airopeekv9_read(wtap *wth, int *err, gchar **err_info, *data_offset = file_tell(wth->fh); /* Process the packet header. */ - hdrlen = airopeekv9_process_header(wth->fh, &hdr_info, err, err_info); + hdrlen = peektagged_process_header(wth->fh, &hdr_info, err, err_info); if (hdrlen == 0) return FALSE; 
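Review bot: peektagged_process_header writes `hdr_info->ieee_802_11.channel`, `.data_rate` and `.signal_level` only when the corresponding tag appears, and after the loop only the length and the two timestamp tags are required. Both callers declare `hdr_info_t hdr_info;` without an initializer and copy `hdr_info.ieee_802_11` into the pseudo-header. Unless the part of the function outside this hunk clears the struct, a file that omits those tags yields indeterminate radio fields. A `memset(hdr_info, 0, sizeof *hdr_info);` at the top of the function would make the result deterministic for malformed or sparse records.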
@@ -509,7 +515,7 @@ static gboolean airopeekv9_read(wtap *wth, int *err, gchar **err_info, * to allocate space for an immensely-large packet. */ *err = WTAP_ERR_BAD_FILE; - *err_info = g_strdup_printf("airopeek9: File has %u-byte packet, bigger than maximum of %u", + *err_info = g_strdup_printf("peektagged: File has %u-byte packet, bigger than maximum of %u", hdr_info.sliceLength, WTAP_MAX_PACKET_SIZE); return FALSE; } @@ -549,7 +555,7 @@ static gboolean airopeekv9_read(wtap *wth, int *err, gchar **err_info, * whether to supply it as an FCS or discard it. */ wth->pseudo_header.ieee_802_11 = hdr_info.ieee_802_11; - if (airopeek9->has_fcs) + if (peektagged->has_fcs) wth->pseudo_header.ieee_802_11.fcs_len = 4; else { wth->pseudo_header.ieee_802_11.fcs_len = 0; @@ -574,25 +580,25 @@ static gboolean airopeekv9_read(wtap *wth, int *err, gchar **err_info, static gboolean -airopeekv9_seek_read(wtap *wth, gint64 seek_off, +peektagged_seek_read(wtap *wth, gint64 seek_off, union wtap_pseudo_header *pseudo_header, guint8 *pd, int length, int *err, gchar **err_info) { - airopeek9_t *airopeek9 = (airopeek9_t *)wth->priv; + peektagged_t *peektagged = (peektagged_t *)wth->priv; hdr_info_t hdr_info; if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) return FALSE; /* Process the packet header. */ - if (airopeekv9_process_header(wth->random_fh, &hdr_info, err, err_info) == -1) + if (peektagged_process_header(wth->random_fh, &hdr_info, err, err_info) == -1) return FALSE; switch (wth->file_encap) { case WTAP_ENCAP_IEEE_802_11_WITH_RADIO: pseudo_header->ieee_802_11 = hdr_info.ieee_802_11; - if (airopeek9->has_fcs) + if (peektagged->has_fcs) pseudo_header->ieee_802_11.fcs_len = 4; else pseudo_header->ieee_802_11.fcs_len = 0; diff --git a/wiretap/airopeek9.h b/wiretap/peektagged.h index 6672c99d61..e73da0c0bd 100644 --- a/wiretap/airopeek9.h +++ b/wiretap/peektagged.h @@ -1,4 +1,4 @@ -/* airopeek9.h +/* peektagged.h * * $Id$ * 
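Review bot: In peektagged_seek_read the failure test `peektagged_process_header(...) == -1` does not match the helper's visible contract. Every error path shown in peektagged_process_header returns 0, and peektagged_read tests `hdrlen == 0`. As written, a record with a missing or duplicated length or timestamp tag does not stop the seek-read path, and `hdr_info.ieee_802_11` is then copied into the pseudo-header from a header that failed to parse. The check should read `if (peektagged_process_header(wth->random_fh, &hdr_info, err, err_info) == 0) return FALSE;`. The function continues past the end of the hunk.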
@@ -18,13 +18,12 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * */ -#ifndef __W_AIROPEEK9_H__ -#define __W_AIROPEEK9_H__ +#ifndef __W_PEEKTAGGED_H__ +#define __W_PEEKTAGGED_H__ #include <glib.h> -int airopeek9_open(wtap *wth, int *err, gchar **err_info); +int peektagged_open(wtap *wth, int *err, gchar **err_info); #endif diff --git a/wiretap/wtap.h b/wiretap/wtap.h index d854802ca3..c7f0a46c89 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -286,9 +286,9 @@ extern "C" { #define WTAP_FILE_K12 40 #define WTAP_FILE_TOSHIBA 41 #define WTAP_FILE_VISUAL_NETWORKS 42 -#define WTAP_FILE_ETHERPEEK_V56 43 -#define WTAP_FILE_ETHERPEEK_V7 44 -#define WTAP_FILE_AIROPEEK_V9 45 +#define WTAP_FILE_PEEKCLASSIC_V56 43 +#define WTAP_FILE_PEEKCLASSIC_V7 44 +#define WTAP_FILE_PEEKTAGGED 45 #define WTAP_FILE_MPEG 46 #define WTAP_FILE_K12TEXT 47 #define WTAP_FILE_NETSCREEN 48 |